Diffstat (limited to 'server/db')
-rw-r--r-- | server/db/sysdb.c | 145 | ||||
-rw-r--r-- | server/db/sysdb.h | 11 |
2 files changed, 81 insertions, 75 deletions
diff --git a/server/db/sysdb.c b/server/db/sysdb.c
index 175bf545..edf3593f 100644
--- a/server/db/sysdb.c
+++ b/server/db/sysdb.c
@@ -1263,24 +1263,21 @@ done:
     return ret;
 }
+/* Wrapper around adding a user account to a POSIX group */
 int sysdb_add_acct_to_posix_group(TALLOC_CTX *mem_ctx,
                                  struct sysdb_ctx *sysdb,
                                  const char *domain,
-                                 const char *gname,
+                                 const char *group,
                                  const char *username)
 {
     TALLOC_CTX *tmp_ctx;
-    int ret, lret;
+    int ret;
     char *account;
     struct ldb_dn *acct_dn;
     struct ldb_dn *group_dn;
-    struct ldb_message *msg;
-    struct ldb_result *res;
-    struct ldb_request *req;
-    const char *acct_attrs[] = { SYSDB_PW_NAME, NULL };
-    const char *group_attrs[] = { SYSDB_GR_MEMBER, NULL };
-    if (!sysdb || !domain || !gname || !username) {
+
+    if (!sysdb || !domain || !group || !username) {
         return EINVAL;
     }
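Review bot: `int ret;` in the new declaration list is never initialized, and the `ret = EOK;` assignment the old code relied on is deleted in the next hunk, so the `if (... == NULL) goto done;` exits that follow fall through to `return ret;` with an indeterminate value — a caller that tests for EOK can be told the membership was added when nothing was written. Since every one of those early exits is an allocation failure, initialize at the declaration: `int ret = ENOMEM;`. The body of sysdb_add_acct_to_posix_group continues past the end of this hunk.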
@@ -1292,88 +1289,86 @@ int sysdb_add_acct_to_posix_group(TALLOC_CTX *mem_ctx,
     account = talloc_asprintf(tmp_ctx,
                               SYSDB_PW_NAME"=%s,"SYSDB_TMPL_USER_BASE,
                               username, domain);
-    if (account == NULL) {
-        talloc_free(tmp_ctx);
-        return ENOMEM;
-    }
+    if (account == NULL) goto done;
+
     acct_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, account);
-    if (acct_dn == NULL) {
-        talloc_free(tmp_ctx);
-        return ENOMEM;
-    }
+    if (acct_dn == NULL) goto done;
     group_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                               SYSDB_GR_NAME"=%s,"SYSDB_TMPL_GROUP_BASE,
-                              gname, domain);
-    if (group_dn == NULL) {
-        talloc_free(tmp_ctx);
-        return ENOMEM;
-    }
-    ret = EOK;
+                              group, domain);
+    if (group_dn == NULL) goto done;
-    /* Start LDB Transaction */
-    lret = ldb_transaction_start(sysdb->ldb);
-    if (lret != LDB_SUCCESS) {
-        DEBUG(1, ("Failed ldb transaction start !? (%d)\n", lret));
-        talloc_free(tmp_ctx);
-        return EIO;
-    }
+    ret = sysdb_add_member_to_posix_group(tmp_ctx, sysdb, acct_dn, group_dn);
-    /* Verify the existence of the user */
-    lret = ldb_search(sysdb->ldb, tmp_ctx, &res, acct_dn,
-                      LDB_SCOPE_BASE, acct_attrs, SYSDB_PWENT_FILTER);
-    if (lret != LDB_SUCCESS) {
-        DEBUG(1, ("Failed to make search request: %s(%d)[%s]\b",
-                  ldb_strerror(lret), lret, ldb_errstring(sysdb->ldb)));
-        ret = EIO;
-        goto done;
-    }
+done:
+    talloc_free(tmp_ctx);
+    return ret;
+}
-    switch(res->count) {
-    case 0:
-        DEBUG(1, ("No such user to add to group.\n"));
-        goto done;
-        break;
+/* Wrapper around adding a POSIX group to a POSIX group */
+int sysdb_add_group_to_posix_group(TALLOC_CTX *mem_ctx,
+                                   struct sysdb_ctx *sysdb,
+                                   const char *domain,
+                                   const char *group,
+                                   const char *member_group)
+{
+    TALLOC_CTX *tmp_ctx;
+    int ret;
+    char *member_group_canonical;
+    struct ldb_dn *member_group_dn;
+    struct ldb_dn *group_dn;
-    case 1:
-        /* Exactly one user returned. Proceed */
-        break;
-    default:
-        DEBUG(0, ("Cache DB corrupted, base search returned %d results\n",
-                  res->count));
-        ret = EIO;
-        goto done;
+    if (!sysdb || !domain || !group || !member_group) {
+        return EINVAL;
     }
-    talloc_free(res);
-    /* Verify the existence of the group */
-    lret = ldb_search(sysdb->ldb, tmp_ctx, &res, group_dn,
-                      LDB_SCOPE_BASE, group_attrs, SYSDB_GRENT_FILTER);
-    if (lret != LDB_SUCCESS) {
-        DEBUG(1, ("Failed to make search request: %s(%d)[%s]\b",
-                  ldb_strerror(lret), lret, ldb_errstring(sysdb->ldb)));
-        ret = EIO;
-        goto done;
+    tmp_ctx = talloc_new(mem_ctx);
+    if (tmp_ctx == NULL) {
+        return ENOMEM;
     }
-    switch(res->count) {
-    case 0:
-        DEBUG(1, ("No such group.\n"));
-        goto done;
-        break;
+    member_group_canonical = talloc_asprintf(tmp_ctx,
+                                             SYSDB_GR_NAME"=%s,"SYSDB_TMPL_GROUP_BASE,
+                                             member_group, domain);
+    if (member_group_canonical == NULL) goto done;
-    case 1:
-        /* Exactly one user returned. Proceed */
-        break;
+    member_group_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, member_group_canonical);
+    if (member_group_dn == NULL) goto done;
-    default:
-        DEBUG(0, ("Cache DB corrupted, base search returned %d results\n",
-                  res->count));
-        ret = EIO;
-        goto done;
+    group_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
+                              SYSDB_GR_NAME"=%s,"SYSDB_TMPL_GROUP_BASE,
+                              group, domain);
+    if (group_dn == NULL) goto done;
+
+    ret = sysdb_add_member_to_posix_group(tmp_ctx, sysdb, member_group_dn, group_dn);
+
+done:
+    talloc_free(tmp_ctx);
+    return ret;
+}
+
+int sysdb_add_member_to_posix_group(TALLOC_CTX *mem_ctx,
+                                    struct sysdb_ctx *sysdb,
+                                    struct ldb_dn *member_dn,
+                                    struct ldb_dn *group_dn)
+{
+    TALLOC_CTX *tmp_ctx;
+    int ret, lret;
+    struct ldb_message *msg;
+    struct ldb_request *req;
+
+    tmp_ctx = talloc_new(mem_ctx);
+    if (!tmp_ctx) return ENOMEM;
+
+    /* Start LDB Transaction */
+    lret = ldb_transaction_start(sysdb->ldb);
+    if (lret != LDB_SUCCESS) {
+        DEBUG(1, ("Failed ldb transaction start !? (%d)\n", lret));
+        talloc_free(tmp_ctx);
+        return EIO;
     }
-    talloc_free(res);
     /* Add the user as a member of the group */
     msg = ldb_msg_new(tmp_ctx);
@@ -1384,7 +1379,7 @@ int sysdb_add_acct_to_posix_group(TALLOC_CTX *mem_ctx,
     msg->dn = group_dn;
     lret = ldb_msg_add_empty(msg, SYSDB_GR_MEMBER, LDB_FLAG_MOD_ADD, NULL);
     if (lret == LDB_SUCCESS) {
-        lret = ldb_msg_add_fmt(msg, SYSDB_GR_MEMBER, "%s", account);
+        lret = ldb_msg_add_fmt(msg, SYSDB_GR_MEMBER, "%s", ldb_dn_alloc_linearized(tmp_ctx, member_dn));
     }
     if (lret != LDB_SUCCESS) {
         ret = errno;
diff --git a/server/db/sysdb.h b/server/db/sysdb.h
index 19781fb4..014e2ce9 100644
--- a/server/db/sysdb.h
+++ b/server/db/sysdb.h
@@ -160,4 +160,15 @@ int sysdb_add_acct_to_posix_group(TALLOC_CTX *mem_ctx,
                                  const char *domain,
                                  const char *gname,
                                  const char *username);
+
+int sysdb_add_group_to_posix_group(TALLOC_CTX *mem_ctx,
+                                   struct sysdb_ctx *sysdb,
+                                   const char *domain,
+                                   const char *group,
+                                   const char *member_group);
+
+int sysdb_add_member_to_posix_group(TALLOC_CTX *mem_ctx,
+                                    struct sysdb_ctx *sysdb,
+                                    struct ldb_dn *member_dn,
+                                    struct ldb_dn *group_dn);
 #endif /* __SYS_DB_H__ */
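Review bot: `sysdb_add_member_to_posix_group` goes straight from `ldb_transaction_start` to building the modify message, dropping the two base-scope searches the removed code used to confirm that the member and the group exist (the `No such user to add to group`, `No such group` and `Cache DB corrupted` paths), and neither new wrapper performs them instead — as far as these hunks show, a DN for a user that was never cached is now written into the group's member attribute unverified, with only a modify against a missing group DN presumably failing on its own. Either re-add the existence checks here before `ldb_msg_new`, or state in a comment on the function that callers must guarantee both DNs already exist. A second defect: `int ret;` in `sysdb_add_group_to_posix_group` is never assigned on its three `goto done` paths, so those allocation failures return an indeterminate value; use `int ret = ENOMEM;`. The new function is also exported but, unlike the wrappers, validates nothing, so a NULL `sysdb` is dereferenced at `ldb_transaction_start`; add `if (!sysdb || !member_dn || !group_dn) return EINVAL;` before `talloc_new`. The body of sysdb_add_member_to_posix_group, including whatever commits or cancels the transaction, continues outside this hunk.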
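Review bot: `ldb_dn_alloc_linearized(tmp_ctx, member_dn)` is passed directly as the `"%s"` argument of `ldb_msg_add_fmt` on the new line, and since it allocates the linearized string on `tmp_ctx` it can presumably return NULL, which would make a failed allocation inside an open transaction a NULL `%s` argument (undefined behaviour) instead of a reported error. Linearize first and bail out on NULL with the same cleanup the `if (lret != LDB_SUCCESS)` branch below performs (its body is outside this hunk): `const char *member = ldb_dn_alloc_linearized(tmp_ctx, member_dn);` then `if (member == NULL) { ret = ENOMEM; /* same cleanup as the error branch below */ }` and `lret = ldb_msg_add_fmt(msg, SYSDB_GR_MEMBER, "%s", member);`. The enclosing function starts and ends outside this hunk.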
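Review bot: The prototype of `sysdb_add_acct_to_posix_group` keeps the parameter name `gname` while this commit renames it to `group` in the definition in sysdb.c; change it here too, `const char *group,`, so header and definition agree. `sysdb_add_member_to_posix_group` becomes a public entry point with no description of its contract, and from the visible code it starts an ldb transaction and performs no NULL or existence check on either DN, so the declaration should carry a comment such as `/* Add member_dn to the member attribute of group_dn inside an ldb transaction. Both DNs must be non-NULL and belong to sysdb->ldb; neither is checked for existence. */`. How the transaction ends on the error paths is outside the visible hunks, so take that wording from the implementation.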